I suggest you ...

Enable Two-Factor authentication, and allow a trusted phone number to be capable of resetting a forgotten password

Enable stricter login to accounts that do not have a stored password. Have the option to reset a password, given that a trusted, secured phone number is provided, along with another potential criterion required to be met to recover a lost account password.

47 votes
Mason Kent shared this idea

3 comments

  • Anonymous commented

    Shouldn't use a computer phone to access your email. Computer phones are 'the most insecure devices on the planet' according to a computer science major. In fact, it is safer not to use a computer phone at all. A cell phone should just be a phone. I don't need it to wash the dishes and take out the trash, thank you.

  • Anonymous commented

    Supporting password resetting implies that the Tutanota company will need to have access to your password on server-side so that they can decrypt your mailbox and reencrypt with the new private key (or decrypt and reencrypt your private key itself).

    As a user, I'd rather have the inconvenience of not having the feature than compromising my privacy: that's the whole selling point of Tutanota anyway. You (Tutanota) don't have my password, and I'd like for it to be kept that way.

  • MH commented

    You need to know that 2FA using SMS by cellphone is no longer considered highly secure since the known methods of taking over cellphones have not been patched and this info is in the wild. Therefore, password reset is too risky.
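
The trade-off raised in the second comment, sketched as an added example (not part of the thread and not Tutanota's code): a generic pattern in which the mailbox key is wrapped under a key derived from the password on the client, so the server stores only the wrapped record. All function names and the sample passphrases are hypothetical.

```javascript
// Added illustration: generic client-side key wrapping, not Tutanota's implementation.
const crypto = require("node:crypto");

// Derive a key-encryption key (KEK) from the password; this runs on the client.
function deriveKek(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

// Wrap (encrypt) the mailbox key under the KEK with AES-256-GCM.
function wrapKey(mailboxKey, password) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", deriveKek(password, salt), iv);
  const ct = Buffer.concat([cipher.update(mailboxKey), cipher.final()]);
  return { salt, iv, ct, tag: cipher.getAuthTag() }; // everything the server stores
}

// Unwrap; throws on a wrong password because the GCM tag does not verify.
function unwrapKey(record, password) {
  const d = crypto.createDecipheriv("aes-256-gcm", deriveKek(password, record.salt), record.iv);
  d.setAuthTag(record.tag);
  return Buffer.concat([d.update(record.ct), d.final()]);
}

// Password change: the old password is needed to recover the key before rewrapping.
function changePassword(record, oldPassword, newPassword) {
  return wrapKey(unwrapKey(record, oldPassword), newPassword);
}

// True only if this password opens the stored record.
function canRecoverKey(record, password) {
  try { unwrapKey(record, password); return true; } catch { return false; }
}

function demo() {
  const mailboxKey = crypto.randomBytes(32);            // constructed sample key
  const stored = wrapKey(mailboxKey, "old-passphrase"); // constructed sample passphrases
  const changed = changePassword(stored, "old-passphrase", "new-passphrase");
  return {
    changeKeepsKey: unwrapKey(changed, "new-passphrase").equals(mailboxKey),
    oldPasswordStillWorks: canRecoverKey(changed, "old-passphrase"),
    // A reset that has only the stored record and a freshly chosen password:
    resetRecoversKey: canRecoverKey(stored, "new-passphrase"),
  };
}
```

In this pattern a phone-verified reset could replace the login credential, but it cannot reopen the existing mailbox key unless some other party also holds a copy of that key or of the password.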
